Card not present

A card-not-present transaction (abbreviated CNP transaction ) is a payment card - the transaction in which the cardholder presenting the card for testing a dealer at the time the order is not physically or unable to provide such. B. when ordering via catalog by post, fax , telephone or the Internet .

Card-out-of-presence transactions make up a large part of credit card fraud because it is difficult for a merchant to verify that the actual cardholder authorizes a purchase.

If a fraudulent CNP transaction is reported, the acquirer who holds the merchant account and who received the money from the fraudulent transaction must make a return. In contrast , in the case of a fraudulent swiped transaction (i.e. with a card), the card issuer is obliged to return it. Because of the greater risk, some card issuers charge a higher transaction fee for merchants who routinely conduct card-less transactions.

The Card Validation Code was introduced to reduce the frequency of credit card fraud from CNP.

Shipping fraud

If a card is not physically presented when a customer makes a purchase, the merchant must rely on the cardholder or whoever pretends to be the cardholder by presenting information indirectly, whether by mail, telephone or via the Internet .

Courier services can guarantee delivery of goods to a location, but they are usually not required to verify identification, and they are usually not involved in processing payments for the goods. A common measure for merchants to prevent shipping fraud is to only allow shipping to an address approved by the cardholder. Merchant banking systems provide simple methods for verifying this information.

Small transactions tend to be less vigilant and are more likely not to be investigated by the card issuer or the merchant. CNP merchants must take additional precautions against fraud and related losses, and they pay higher prices for the privilege of accepting cards. Fraudsters take advantage of the fact that many methods of fraud prevention are not applied to small transactions.

Trade associations have developed some preventive measures, such as: B. One-time card numbers, but these have not been very successful. Customers expect to be able to use their credit card without any problems and have little incentive to take additional security from laws that limit customer liability in the event of fraud. Retailers can implement these preventive measures, but run the risk of losing sales if the customer decides not to use the measures.

Amounted to

The US Federal Trade Commission uncovered a fraud that charged more than $ 10 million in fraudulent charges on credit and debit cards between 2006 and 2010 . The perpetrators used more than 100 trading accounts they had opened for settlement.

Each trading account was attached to a Taxpayer Identification Number that belonged to a real trader with a similar sounding name. Each merchant account was linked to an 0800 number from CallMe800. Each account was also linked to a specially created website. In addition, physical addresses of companies that rent out virtual offices , such as office space, were rented for each merchant account . B. Regus . These virtual office firms, unaware of the fraud and otherwise not involved, then forwarded all mail received in the virtual office to Earth Class Mail , a digital mailroom service that delivered mail from the physical address of the merchant's account scanned and forwarded as a PDF to the email accounts created by the fraudsters. The scammers made sure they used an IP address near the billing address to verify their online merchant accounts so as not to arouse suspicion.

A fee of $ 9 each was processed on approximately one million credit cards over the four year period. Each card was billed once. Credit card companies will only investigate if the fee is more than $ 10 as it is not worth investigating below. Then the money was transferred to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus and Kyrgyzstan, where the money could not be tracked. The perpetrators experimented with a 20-cent fee; that was more suspicious than the $ 9 fee. Only about 10 percent of the fraudulent charges were ever reported or contested by the actual cardholder.

Avoiding fraud in CNP transactions

With online spending on the rise, an increase in online transaction fraud is also expected. Efforts have been made around the world to combat the online transactional fraud that occurs when using CNP transactions. In 2001 Visa created an authentication standard for CNP eCommerce payments called 3 Domain Secure, commonly referred to as 3-D Secure . 3D Secure offers three-layer protection for added security for consumers.

Through the efforts of a network of companies including American Express , Discover , JCB , Mastercard , UnionPay, and Visa, 3D Secure has evolved into its newest form, 3D Secure 2.0. These six companies are working together as a group called EMVCo to build a worldwide system that enables the acceptance of secure payment transactions. The use of 3D Secure is most widespread in European countries such as Belgium, Switzerland and the Netherlands, although it is expected to gain momentum worldwide in the coming years.

The 3D Secure 2.0 system is not without criticism as the method’s critics point to its shortcomings, such as slowing down transactions and introducing complex legal concerns. Another problem is that 3D secure authentication has a negative impact on the transaction conversion rate. The extra layers of authentication mean more work for consumers, and as a result, some consumers may be demotivated by the extra efforts to complete their transaction.

Some critics suggest a path that is very similar to the chip technology that was introduced to combat credit card fraud. To commit credit card fraud, criminals replicate stolen customer information onto blank cards for use in fraudulent purchases. This approach to reducing the prevalence of CNP transactional fraud would use the same chip technology that reduces credit card fraud on devices such as computers, tablets, and smartphones. This hardware approach is considered by some to be a safer way to reduce CNP transaction fraud.

An alternative method was introduced through dynamic or continuously changing CVV numbers . The CVV number works in a similar way to two-factor authentication in that it provides additional confirmation that the person making the purchase actually has the card they claim to have. This makes the data from the data breaches of the last few years less valuable, as the CVV numbers are no longer static: whatever the CVV number is in the database, it is no longer relevant because the number changes dynamically. This presents a challenge that many retailers face. CVV numbers became unusable due to the extensive data breaches that many made public. In a presentation on a case study with the online digital goods market, Fiverr , Forter, a fraud prevention company, found that the stolen data sold on criminal online marketplaces comes with CVV by default. Because of this, Fiverr found that removing the requirement for CVV on their website didn't result in more fraud. Dynamic CVVs would mean that CVV numbers could again become useful in blocking fraudulent attempts.

Individual evidence

↑ ^a ^b Randall Stross: $ 9 Here, 20 Cents There and a Credit-Card Lawsuit . In: New York Times , August 21, 2010. Retrieved August 24, 2010. "If a credit card is physically swiped in the transaction, the bank that issued the card is on the hook for fraudulent charges. If it is a phone or Internet purchase - called a card-not-present transaction - the bank that hosted the merchant account that received the ill-gotten charges must make restitution, said Ms. Litan, the Gartner analyst. "
↑ ^a ^b FTC Says Scammers Stole Millions Using Virtual Companies . In: PCWorld , June 27, 2010. Retrieved April 27, 2017. "The scammers stayed under the radar by charging very small amounts - typically between $ 0.25 and $ 9 per card - and by setting up more than 100 bogus companies to process the transactions . ... According to the FTC, the fraudsters charged 1.35 million credit cards a total of $ 9.5 million, but only 78,724 of these fake charges were ever noticed. "
↑ FTC Cracks Down On Micropayment Credit Card Scam . In: CRN Magazine , June 28, 1010. Retrieved April 28, 2017. "Altogether, the thieves charged a total of $ 9.5 million from a total of 1.35 million compromised cards over a period of four years starting in 2006. However, only about 10 percent of the fraudulent charges were ever reported or contested, according to the FTC. "
↑ Global Card-Not-Present Authentication Standards in 2017 (PDF) GPayments. Retrieved April 28, 2017.
↑ This breakthrough number-changing credit card may help eliminate fraud . ZDNet. Retrieved April 28, 2017.

[cents-1] Randall Stross: $ 9 Here, 20 Cents There and a Credit-Card Lawsuit . In: New York Times , August 21, 2010. Retrieved August 24, 2010. "If a credit card is physically swiped in the transaction, the bank that issued the card is on the hook for fraudulent charges. If it is a phone or Internet purchase - called a card-not-present transaction - the bank that hosted the merchant account that received the ill-gotten charges must make restitution, said Ms. Litan, the Gartner analyst. "

[pc-2] FTC Says Scammers Stole Millions Using Virtual Companies . In: PCWorld , June 27, 2010. Retrieved April 27, 2017. "The scammers stayed under the radar by charging very small amounts - typically between $ 0.25 and $ 9 per card - and by setting up more than 100 bogus companies to process the transactions . ... According to the FTC, the fraudsters charged 1.35 million credit cards a total of $ 9.5 million, but only 78,724 of these fake charges were ever noticed. "

[crn-3] FTC Cracks Down On Micropayment Credit Card Scam . In: CRN Magazine , June 28, 1010. Retrieved April 28, 2017. "Altogether, the thieves charged a total of $ 9.5 million from a total of 1.35 million compromised cards over a period of four years starting in 2006. However, only about 10 percent of the fraudulent charges were ever reported or contested, according to the FTC. "

[gp-4] Global Card-Not-Present Authentication Standards in 2017 (PDF) GPayments. Retrieved April 28, 2017.

[zdnet-5] This breakthrough number-changing credit card may help eliminate fraud . ZDNet. Retrieved April 28, 2017.